Re: Safe "Phishing"

2008-02-01 Thread Jeff Chan
Quoting mouss <[EMAIL PROTECTED]>: giga328 wrote: Hi Anthony, I will ask people from MailScanner also but for my email system is not possible to use MailScanner directly so I'm using spamd. My question is about lowering chances for false positives by having safe list from MailScanner. But sinc

Re: Safe "Phishing"

2008-02-01 Thread mouss
giga328 wrote: Hi Anthony, I will ask people from MailScanner also but for my email system is not possible to use MailScanner directly so I'm using spamd. My question is about lowering chances for false positives by having safe list from MailScanner. But since I just started to use SpamAssassing

Re: x-cr-hashedpuzzle

2008-02-01 Thread mouss
Michael Scheidell wrote: anyone looked at x-cr-hashedpuzzle? (its the strange, 'hash cash', 'postage stamp' that Outlook 11+ adds to emails it thinks might be blocked as spam) What about a plugin to decode, score, validate it? What about calculating it on outbound emails? Would that require a

Re: Can anyone help me? surbl.org FP problems?

2008-02-01 Thread mouss
David Zinder wrote: I ran several emails through SA with -D and search for RBL I find things like: [2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:worldchanging.com (timeout 15.0s, min 3.0s) [2891] dbg: dns: URIBL_PH_SURBL lookup start [2891] dbg: async: starting: URI-DNSBL, D

Re: Can anyone help me? surbl.org FP problems?

2008-02-01 Thread David Zinder
I ran several emails through SA with -D and search for RBL I find things like: [2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.surbl.org.:worldchanging.com (timeout 15.0s, min 3.0s) [2891] dbg: dns: URIBL_PH_SURBL lookup start [2891] dbg: async: starting: URI-DNSBL, DNSBL:multi.uribl.com.:w

Re: Spam email gets through with X-Spam-Score header present but no score.

2008-02-01 Thread Theo Van Dinter
On Fri, Feb 01, 2008 at 09:23:26PM -, GQsm wrote: > I thought that every email that went through SA would receive a real number > score whether spam or not and under no instance should the score be > non-exsistent. It depends how you have things setup, but if the mail gets to SA, then it would

Spam email gets through with X-Spam-Score header present but no score.

2008-02-01 Thread GQsm
Sorry if this is old hat. I've googled a lot, searched the archived mailing list and read a lot of FAQs but have found nothing on this problem. I have had a few spam emails recently that got straight through to my inbox. On inspection the header shows "X-Spam-Status: No, score= " "X-Spam-Score:

x-cr-hashedpuzzle

2008-02-01 Thread Michael Scheidell
anyone looked at x-cr-hashedpuzzle? (its the strange, 'hash cash', 'postage stamp' that Outlook 11+ adds to emails it thinks might be blocked as spam) What about a plugin to decode, score, validate it? What about calculating it on outbound emails? Would that require a license from Microsoft do

Re: Bulk spam scan

2008-02-01 Thread Martin Gregorie
> U. What do you mean by "keep the two streams separate"? SA > processes what's handed to it, one message at a time; the only reason I > could see trying to separate things is if running your archive through > SA would bog down the server enough to impact regular mail flow. The > proces

Re: Bulk spam scan

2008-02-01 Thread Kris Deugau
Theo Van Dinter wrote: Huh? SA, and spamassassin specifically, certainly does handle splitting up mbox files into invdividual messages. Hence the --mbox option. I stand corrected. spamc, however, does not -- it's one message at a time. Reasonable enough, given that its primary usage is in

Re: Bulk spam scan

2008-02-01 Thread Kris Deugau
Martin Gregorie wrote: I'd got that message for SA's normal operation and have looked at the innards of spamc closely enough to see that can only handle a single message at a time. As I said above, it was the --mbox option that confused me because, in general, an mbox file contains multiple messa

Re: mass-check wiki page needs updating..

2008-02-01 Thread Richard D Alloway
On Thu, 31 Jan 2008, Justin Mason wrote: quick survey: Is anyone using mass-check without previously having SVN set up? Is this turning out to be a major barrier? Should we put mass-check back into the distro? I needed to use mass-check a few months ago and could not find it where the wiki s

Re: Safe "Phishing"

2008-02-01 Thread Joseph Brennan
--On Friday, February 1, 2008 3:10 -0800 giga328 <[EMAIL PROTECTED]> wrote: I have question about one list from MailScanner. It is list at http://www.mailscanner.info/phishing.safe.sites.conf.master and here is part of text from it: This file contains the list of all the sites which can be s

Re: Partial RBL exclusion

2008-02-01 Thread Matus UHLAR - fantomas
On 01.02.08 03:23, giga328 wrote: > Some of our IP address blocks are in some RBL list just because we use those > IPs for ADSL and that is normal. For example in SORBS Dynamic IP Space (LAN, > Cable, DSL & Dial Ups) – SORBS DUHL. > We need some way to exclude in testing our IP addresses from SORBS

Re: Bulk spam scan

2008-02-01 Thread Matus UHLAR - fantomas
> On Thu, Jan 31, 2008 at 05:53:57PM -0500, Kris Deugau wrote: > > No, SA doesn't know how to split up messages for scanning; sa-learn is > > the only SA component that can extract messages from an mbox mail folder. On 31.01.08 19:23, Theo Van Dinter wrote: > Huh? SA, and spamassassin specifica

Re: Safe "Phishing"

2008-02-01 Thread Anthony Peacock
Hi, I wasn't suggesting that you used MailScanner, I was merely pointing out that these lists are very specifically created and used for a feature of MailScanner that has nothing to do with SPAM detection, ie the Phising Detection feature. Because of that you will need to know what the inclu

Re: Splitting test in two parts

2008-02-01 Thread Matt Kettler
giga328 wrote: I would like to split SpamAssassin test in two parts: a) all test except in b) ;) b) several expensive test which can not produce negative score If after doing tests in a) score is greater than needed I would like to stop scanning with spam result. If score is not big enough I woul

Re: Partial RBL exclusion

2008-02-01 Thread giga328
Hi Justin, Thank you for that. I'm back to Mail::SpamAssassin::Conf to take that lesson again ;) Regard, Giga Justin Mason wrote: > > > yes, this is easily done -- look up "trusted_networks" and > "internal_networks" settings. > > --j. > > -- View this message in context: http://www.na

Re: Safe "Phishing"

2008-02-01 Thread giga328
Hi Anthony, I will ask people from MailScanner also but for my email system is not possible to use MailScanner directly so I'm using spamd. My question is about lowering chances for false positives by having safe list from MailScanner. But since I just started to use SpamAssassing I'm asking is i

Re: Creating meta rule

2008-02-01 Thread Matt Kettler
Robert Fitzpatrick wrote: Looking at my stats I see those hitting LONGWORDS and scoring BAYES_50 or higher are all big time spam that have been hard to catch, see my posts earlier this week 'bayes and celeb spam'. Would it be a bad idea to add to the score when both hit? It looks like a score of

Re: Partial RBL exclusion

2008-02-01 Thread Justin Mason
yes, this is easily done -- look up "trusted_networks" and "internal_networks" settings. --j. giga328 writes: > > Some of our IP address blocks are in some RBL list just because we use those > IPs for ADSL and that is normal. For example in SORBS Dynamic IP Space (LAN, > Cable, DSL & Dial Ups)

Splitting test in two parts

2008-02-01 Thread giga328
I would like to split SpamAssassin test in two parts: a) all test except in b) ;) b) several expensive test which can not produce negative score If after doing tests in a) score is greater than needed I would like to stop scanning with spam result. If score is not big enough I would like that Spam

Partial RBL exclusion

2008-02-01 Thread giga328
Some of our IP address blocks are in some RBL list just because we use those IPs for ADSL and that is normal. For example in SORBS Dynamic IP Space (LAN, Cable, DSL & Dial Ups) – SORBS DUHL. We need some way to exclude in testing our IP addresses from SORBS DUHL but not from other SORBS lists. Is

Re: Safe "Phishing"

2008-02-01 Thread Anthony Peacock
Hi, Those files are effectively, white and black lists for the Phising detection feature of MailScanner. I have never heard of anyone using them to add scores to spam. Your best best, might be to ask on the MailScanner mailing list, where the author regularly contributes. He would be able

Safe "Phishing"

2008-02-01 Thread giga328
I have question about one list from MailScanner. It is list at http://www.mailscanner.info/phishing.safe.sites.conf.master and here is part of text from it: This file contains the list of all the sites which can be safely ignored in the "phishing fraud" checks. My question can it be used by SpamA